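Connecting via mutual SSL fails while reading the incoming ChangeCipherSpec
We need to connect to a server using mutual SSL, but for some reason we are struggling: when making a request, we get the following error: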
[...]
readIncomingTls_changeCipherSpec2:
processTlsRecord:
processAlert:
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
--processAlert
--processTlsRecord
--readIncomingTls_changeCipherSpec2
Failed to read incoming handshake messages. (3)
Client handshake failed. (3)
Failed to connect.
[...]
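The private key and CSR were generated by us, and the certificate was returned to us by the people we are connecting to.
Combining the key and certificate into a PEM file and adding it to the request like this works without problems in other scripts, with their own respective key, certificate and target: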
var Gateway = new ActiveXObject("Chilkat.Http");
Gateway.UnlockComponent("redacted");
var pemSuccess = Gateway.SetSslClientCertPem(Server.MapPath(certPath), "");
Gateway.ConnectTimeout = 10;
Gateway.ReadTimeout = 10;
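However, in this case, not only does pemSuccess return 0, but I have noticed that changing this line or removing it entirely does not change the error, suggesting that it has already broken before this point?
Unfortunately, my knowledge of this process is limited, and I don't know how to troubleshoot this.
Some Googling led to Chilkat support pages suggesting updating the DLL and making sure the .pem uses the correct key and certificate, but these are all as they should be.
Edit (August 6, 2015): Changing the header/footer from the ----- BEGIN CERTIFICATE ----- format to --- BEGIN CERTIFICATE --- has allowed SetSslClientCertPem to return true, but otherwise does not change the LastErrorText ...
Full LastErrorText: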
SynchronousRequest:
DllDate: Dec 12 2012
UnlockPrefix: [redacted]
Username: [redacted]
Architecture: Little Endian; 32-bit
Language: ActiveX
VerboseLogging: 0
domain: [redacted]
port: 9000
ssl: 1
RequestData:
HttpVersion: 1.1
Verb: POST
Path: [redacted]
Charset: utf-8
SendCharset: 0
MimeHeader: SOAPAction:
Content-Type: text/xml
--RequestData
ReadTimeout: 10
ConnectTimeout: 10
httpConnect:
hostname: [redacted]
port: 9000
ssl: 1
Need to establish connection to the HTTP server...
ConnectTimeoutMs_1: 10000
calling ConnectSocket2
IPV6 enabled connect with NO heartbeat.
connectingTo: [redacted]
resolveHostname1:
dnsCacheLookup: [redacted]
dnsCacheHit: [redacted]
--resolveHostname1
GetHostByNameHB_ipv4: Elapsed time: 0 millisec
myIP_1: [redacted]
myPort_1: [redacted]
connect successful (1)
clientHelloMajorMinorVersion: 3.1
buildClientHello:
majorVersion: 3
minorVersion: 1
numRandomBytes: 32
sessionIdSize: 0
numCipherSuites: 10
numCompressionMethods: 1
--buildClientHello
readIncomingTls_serverHello:
processTlsRecord:
processHandshake:
handshakeMessageType: ServerHello
handshakeMessageLen: 0x46
processHandshakeMessage:
MessageType: ServerHello
Processing ServerHello...
ServerHello:
MajorVersion: 3
MinorVersion: 1
SessionIdLen: 32
CipherSuite: RSA_WITH_AES_256_CBC_SHA
CipherSuite: 00,35
CompressionMethod: 0
Queueing ServerHello message.
ServerHello is OK.
--ServerHello
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_serverHello
HandshakeQueue:
MessageType: ServerHello
--HandshakeQueue
Dequeued ServerHello message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: Certificate
handshakeMessageLen: 0xf13
processHandshakeMessage:
MessageType: Certificate
ProcessCertificates:
Certificate:
[cert info]
--Certificate
Certificate:
[cert info]
--Certificate
Certificate:
[cert info]
--Certificate
NumCertificates: 3
Queueing Certificates message...
--ProcessCertificates
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
Dequeued Certificate message.
readIncomingTls_6:
processTlsRecord:
processHandshake:
handshakeMessageType: CertificateRequest
handshakeMessageLen: 0x6
processHandshakeMessage:
MessageType: CertificateRequest
CertificateRequest:
NumCertificateTypes: 3
Certificate Type: RSA Sign
Certificate Type: DSS Sign
OtherCertificateType: 64
totalLen: 0
NumDistinguishedNames: 0
CertificateRequest message is OK.
Queueing CertificateRequest message.
--CertificateRequest
--processHandshakeMessage
handshakeMessageType: ServerHelloDone
handshakeMessageLen: 0x0
processHandshakeMessage:
MessageType: ServerHelloDone
Queueing HelloDone message.
--processHandshakeMessage
--processHandshake
--processTlsRecord
--readIncomingTls_6
Dequeued CertificateRequest message.
DequeuedMessageType: ServerHelloDone
OK to ServerHelloDone!
Sending 0-length certificate (this is normal).
CertificatesMessage:
numCerts: 0
CertificateSize: 0x3
--CertificatesMessage
Encrypted pre-master secret with server certificate RSA public key is OK.
Sending ClientKeyExchange...
Sent ClientKeyExchange message.
Sending ChangeCipherSpec...
Sent ChangeCipherSpec message.
Derived keys.
Installed new outgoing security params.
Sending FINISHED message..
algorithm: aes
keyLength: 256
Sent FINISHED message..
readIncomingTls_changeCipherSpec2:
processTlsRecord:
processAlert:
TlsAlert:
level: fatal
descrip: handshake failure
--TlsAlert
--processAlert
--processTlsRecord
--readIncomingTls_changeCipherSpec2
Failed to read incoming handshake messages. (3)
Client handshake failed. (3)
Failed to connect.
--httpConnect
connectTime1: Elapsed time: 47 millisec
totalTime: Elapsed time: 47 millisec
Failed.
--SynchronousRequest
--ChilkatLog
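
For triaging a trace like the one above, the three facts that matter for mutual TLS are whether the server sent a CertificateRequest, how many certificates the client sent back, and whether a fatal alert followed. The block below is an added example, not part of the original post and not Chilkat code: plain JavaScript for Node.js that extracts those facts from a LastErrorText string, with the function name and finding strings being assumptions and the sample input excerpted from the log above.

```javascript
// Added example (Node.js). Field names are the ones in the Chilkat trace above;
// the function name and the "finding" strings are assumptions of this example.
function diagnoseClientCertHandshake(lastErrorText) {
  const result = {
    serverRequestedClientCert: false,
    clientCertsSent: null, // null: no CertificatesMessage block in the trace
    fatalAlert: null,      // alert description when the alert level is fatal
    finding: "inconclusive",
  };
  let inCertMsg = false;
  let alertLevel = null;
  for (const raw of lastErrorText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "MessageType: CertificateRequest") {
      result.serverRequestedClientCert = true;
    } else if (line === "CertificatesMessage:") {
      inCertMsg = true;
    } else if (line === "--CertificatesMessage") {
      inCertMsg = false;
    } else if (inCertMsg && line.startsWith("numCerts:")) {
      result.clientCertsSent = parseInt(line.slice("numCerts:".length), 10);
    } else if (line.startsWith("level:")) {
      alertLevel = line.slice("level:".length).trim();
    } else if (line.startsWith("descrip:") && alertLevel === "fatal") {
      result.fatalAlert = line.slice("descrip:".length).trim();
    }
  }
  // TLS lets a server that insists on client authentication answer an empty
  // client Certificate message with a fatal handshake_failure alert.
  if (result.fatalAlert && result.serverRequestedClientCert && result.clientCertsSent === 0) {
    result.finding = "client certificate requested, none sent, fatal alert followed";
  } else if (result.fatalAlert) {
    result.finding = "fatal alert with a client certificate sent or not requested";
  }
  return result;
}

// Lines excerpted from the trace above.
const FAILED_TRACE = ["MessageType: CertificateRequest", "CertificatesMessage:",
  "numCerts: 0", "--CertificatesMessage", "TlsAlert:", "level: fatal",
  "descrip: handshake failure", "--TlsAlert"].join("\n");
// Constructed variant: same alert, but one client certificate was sent.
const CERT_SENT_TRACE = FAILED_TRACE.replace("numCerts: 0", "numCerts: 1");

console.log(diagnoseClientCertHandshake(FAILED_TRACE));
console.log(diagnoseClientCertHandshake(CERT_SENT_TRACE));
```

The first finding means the key and certificate never reached the handshake, so the PEM loading step is the place to look; the second points away from certificate loading and toward what the server accepts.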